flow-nexus-swarm

This skill manifest is primarily documentation for a cloud orchestration product and does not contain direct malicious code. However, it instructs users/agents to install and execute remote packages via npm/npx and to add an MCP integration into the Claude agent that may forward credentials and grant broad permissions. Those download-and-execute and transitive-install patterns are high-risk supply-chain vectors. The remote endpoints (flow-nexus.ruv.io, GitHub) may be legitimate, but the documentation lacks detailed secure-auth guidance and least-privilege constraints. Recommendation: treat this skill as suspicious until the flow-nexus package and MCP implementation are audited — avoid running npx/npm commands in privileged environments, inspect the package source (https://github.com/ruvnet/flow-nexus) before installing, and ensure explicit, scoped authentication flows and RBAC for execution streams and file listings.